Contents
1. Disable SELinux
SELinux is a feature that provides a highly secure system architecture that prevents the concentration of privileges on root.
In openSUSE, it is disabled at the time of installation.
To check
SELINUX=disabled
2. Use su command
If you don’t want to set the root password, set it as follows
After logging in as a general user
lan@localhost:~> sudo passwd root
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
New password:
Retype new password:
passwd: password updated successfully
lan@localhost:~> su –
Password:
localhost:~ #
3. Modernize the system
To bring the system up to date, enter the following command。
4. Install locate
In many cases, the find command is used to search for a specific file on the entire Linux system.
The find option is somewhat confusing.
The locate command is capable of extracting all files with the specified file name
# zypper -n install mlocate
Create a database
# updatedb
# locate sshd
etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/sysconfig/SuSEfirewall2.d/services/sshd
/etc/systemd/system/multi-user.target.wants/sshd.service
/usr/lib/systemd/system/sshd.service
/usr/lib/sysusers.d/sshd.conf
/usr/lib64/ruby/gems/2.5.0/gems/ruby-augeas-0.5.0/tests/root/etc/ssh/sshd_config
/usr/sbin/rcsshd
/usr/sbin/sshd
/usr/sbin/sshd-gen-keys-start
/usr/share/YaST2/scrconf/etc_ssh_sshd_config.scr
/usr/share/apparmor/extra-profiles/usr.sbin.sshd
/usr/share/augeas/lenses/dist/sshd.aug
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sshd.8.gz
/usr/share/vim/vim80/syntax/sshdconfig.vim
/var/lib/sshd
5. Services stopped for security measures.
# disable atd.service
# systemctl stop auditd.service
# systemctl disable auditd.service
# systemctl stop mdmonitor.service
# systemctl disable mdmonitor.service
# systemctl stop smartd.service
# systemctl disable smartd.service
# systemctl stop tuned.service
# systemctl disable tuned.service
# systemctl stop dm-event.socket
# systemctl disable dm-event.socket
6. Network Settings
6.1 Host name setting
Change the hostname to Lepard to test it.
localhost:~ # hostnamectl set-hostname Lepard
localhost:~# reboot
lan@Lepard:~>
6.2 Fixed IP address setting
First, find out the name of your network interface with the following command
This time it is “eth0”.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:aa:4e:15 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 192.168.11.84/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feaa:4e15/64 scope link
valid_lft forever preferred_lft forever
In most cases, the router address is something like “192.168.11.1” or “192.168.0.1.
We will use “192.168.11.1” as an example.
# Change as follows (replace IP address and other values with your own environment)
BOOTPROTO=’static’
BROADCAST=’192.168.11.255′
ETHTOOL_OPTIONS=”
IPADDR=’192.168.11.11′
MTU=”
NAME=”
NETMASK=’255.255.255.0′
NETWORK=’192.168.11.0′
REMOTE_IPADDR=”
STARTMODE=’auto’
DHCLIENT_SET_DEFAULT_ROUTE=’yes’
# Line 182: Add your domain name. (To be added to the search line in resolv.conf)
NETCONFIG_DNS_STATIC_SEARCHLIST=”<your domain name.>”
# Line 195: DNS server settings to reference
NETCONFIG_DNS_STATIC_SERVERS=”192.168.11.1″
#Create New: Default Gateway Settings
default 192.168.11.1 – eth0
# reboot
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:aa:4e:15 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 192.168.11.11/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feaa:4e15/64 scope link
valid_lft forever preferred_lft forever
6. IPv6 disablement
# Line 12: additional entry
GRUB_CMDLINE_LINUX=”ipv6.disable=1“
# Reflect changes
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file …
Found theme: /boot/grub2/themes/openSUSE/theme.txt
Found linux image: /boot/vmlinuz-5.3.18-150300.59.43-default
Found initrd image: /boot/initrd-5.3.18-150300.59.43-default
done